[asterisk-bugs] [JIRA] (ASTERISK-25648) chan_sip returns forbidden 403, if the incoming number was determined as the present.
Alexey A. Astashov (JIRA)
noreply at issues.asterisk.org
Thu Jan 7 03:22:33 CST 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-25648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=228859#comment-228859 ]
Alexey A. Astashov edited comment on ASTERISK-25648 at 1/7/16 3:22 AM:
-----------------------------------------------------------------------
Oh. What exactly should be sent from the configuration?
sip.conf - (GW Server)
.............
[001001]
username=001002
type=friend
insecure=port, invite
secret=MyPassword
qualify=yes
host=172.16.15.194
allow=all
context=from-trunk-sip-001001
part of extensions.conf - gw-server
{code}
.................
exten => 21,1,Set(TDIAL_STRING=SIP/001001)
exten => 21,n,Set(DIAL_TRUNK=21)
exten => 21,n,Goto(ext-trunk,tdial,1)
exten => tdial,1,Set(OUTBOUND_GROUP=OUT_${DIAL_TRUNK})
exten => tdial,n,GotoIf($["${OUTMAXCHANS_${DIAL_TRUNK}}" = ""]?nomax)
exten => tdial,n,GotoIf($[${GROUP_COUNT(OUT_${DIAL_TRUNK})} >= ${OUTMAXCHANS_${DIAL_TRUNK}}]?hangit)
exten => tdial,n(nomax),ExecIf($["${CALLINGPRES_SV}" != ""]?Set(CALLERPRES()=${CALLINGPRES_SV}))
exten => tdial,n,Set(DIAL_NUMBER=${FROM_DID})
exten => tdial,n,GosubIf($["${PREFIX_TRUNK_${DIAL_TRUNK}}" != ""]?sub-flp-${DIAL_TRUNK},s,1())
exten => tdial,n,Set(OUTNUM=${OUTPREFIX_${DIAL_TRUNK}}${DIAL_NUMBER})
exten => tdial,n,Set(DIAL_TRUNK_OPTIONS=${IF($["${DB_EXISTS(TRUNK/${DIAL_TRUNK}/dialopts)}" = "1"]?${DB_RESULT}:${TRUNK_OPTIONS})})
exten => tdial,n,Dial(${TDIAL_STRING}/${OUTNUM},${TRUNK_RING_TIMER},${DIAL_TRUNK_OPTIONS})
exten => tdial,n,Set(CALLERID(number)=${CALLERID(number):0:40})
exten => tdial,n,Set(CALLERID(name)=${CALLERID(name):0:40})
exten => tdial,n(hangit),Hangup
;--== end of [ext-trunk] ==--;
[from-trunk-sip-001001]
exten => _.,1,Set(GROUP()=OUT_21)
exten => _.,n,Goto(from-trunk,${EXTEN},1)
;--== end of [from-trunk-sip-001001] ==--;
[outrt-24] ; TO-NEW-OFFICE
exten => _11XX,1,Macro(user-callerid,LIMIT,EXTERNAL,)
exten => _11XX,n,GosubIf($[${LEN(${FROM_DID})}>0 & "${FROM_DID}"!="s"]?sub-diversion-header,s,1())
exten => _11XX,n,Set(INTRACOMPANYROUTE=YES)
exten => _11XX,n,Set(MOHCLASS=${IF($["${MOHCLASS}"=""]?default:${MOHCLASS})})
exten => _11XX,n,Set(_NODEST=)
exten => _11XX,n,Gosub(sub-record-check,s,1(out,${EXTEN},))
exten => _11XX,n,Macro(dialout-trunk,8,${EXTEN},,off)
exten => _11XX,n,Macro(outisbusy,)
exten => _12XX,1,Macro(user-callerid,LIMIT,EXTERNAL,)
exten => _12XX,n,GosubIf($[${LEN(${FROM_DID})}>0 & "${FROM_DID}"!="s"]?sub-diversion-header,s,1())
exten => _12XX,n,Set(INTRACOMPANYROUTE=YES)
exten => _12XX,n,Set(MOHCLASS=${IF($["${MOHCLASS}"=""]?default:${MOHCLASS})})
exten => _12XX,n,Set(_NODEST=)
exten => _12XX,n,Gosub(sub-record-check,s,1(out,${EXTEN},))
exten => _12XX,n,Macro(dialout-trunk,8,${EXTEN},,off)
exten => _12XX,n,Macro(outisbusy,)
;--== end of [outrt-24] ==--;
{code}
............
part of sip.conf - (users server which gives an Forbidden 403)
[001002]
defaultuser=001001
type=friend
insecure=port,invite
secret=MyPassword
qualify=yes
host=172.16.15.196
allow=all
context=from-trunk-sip-001002
........
part of extensions.conf users-server:
{code}
[from-trunk-sip-001002]
include => from-trunk-sip-001002-custom
exten => _.,1,Set(GROUP()=OUT_1)
exten => _.,n,Goto(from-trunk,${EXTEN},1)
;--== end of [from-trunk-sip-001002] ==--;
[from-trunk-iax2-00704]
include => from-trunk-iax2-00704-custom
exten => _.,1,Set(GROUP()=OUT_2)
exten => _.,n,Goto(from-trunk,${EXTEN},1)
;--== end of [from-trunk-iax2-00704] ==--;
[ext-trunk]
include => ext-trunk-custom
exten => 1,1,Set(TDIAL_STRING=SIP/001002)
exten => 1,n,Set(DIAL_TRUNK=1)
exten => 1,n,Goto(ext-trunk,tdial,1)
exten => 2,1,Set(TDIAL_STRING=IAX2/00704)
exten => 2,n,Set(DIAL_TRUNK=2)
exten => 2,n,Goto(ext-trunk,tdial,1)
exten => tdial,1,Set(OUTBOUND_GROUP=OUT_${DIAL_TRUNK})
exten => tdial,n,GotoIf($["${OUTMAXCHANS_${DIAL_TRUNK}}" = ""]?nomax)
exten => tdial,n,GotoIf($[${GROUP_COUNT(OUT_${DIAL_TRUNK})} >= ${OUTMAXCHANS_${DIAL_TRUNK}}]?hangit)
exten => tdial,n(nomax),ExecIf($["${CALLINGNAMEPRES_SV}" != ""]?Set(CALLERPRES(name-pres)=${CALLINGNAMEPRES_SV}))
exten => tdial,n,ExecIf($["${CALLINGNUMPRES_SV}" != ""]?Set(CALLERPRES(num-pres)=${CALLINGNUMPRES_SV}))
exten => tdial,n,Set(DIAL_NUMBER=${FROM_DID})
exten => tdial,n,GosubIf($["${PREFIX_TRUNK_${DIAL_TRUNK}}" != ""]?sub-flp-${DIAL_TRUNK},s,1())
exten => tdial,n,Set(OUTNUM=${OUTPREFIX_${DIAL_TRUNK}}${DIAL_NUMBER})
exten => tdial,n,Set(DIAL_TRUNK_OPTIONS=${IF($["${DB_EXISTS(TRUNK/${DIAL_TRUNK}/dialopts)}" = "1"]?${DB_RESULT}:${TRUNK_OPTIONS})})
exten => tdial,n,Dial(${TDIAL_STRING}/${OUTNUM}${TDIAL_SUFFIX},${TRUNK_RING_TIMER},${DIAL_TRUNK_OPTIONS})
exten => tdial,n,Set(CALLERID(number)=${CALLERID(number):0:40})
exten => tdial,n,Set(CALLERID(name)=${CALLERID(name):0:40})
exten => tdial,n(hangit),Hangup
;--== end of [ext-trunk] ==--;
{code}
was (Author: alexey_astashov):
Oh. What exactly should be sent from the configuration? In general, on the proposed image - present configuration of the peers.
And yet I believe that this is an error, as in previous versions of everything works well.
sip.conf - (GW Server)
.............
[001001]
username=001002
type=friend
insecure=port, invite
secret=MyPassword
qualify=yes
host=172.16.15.194
allow=all
context=from-trunk-sip-001001
part of extensions.conf - gw-server
{code}
.................
exten => 21,1,Set(TDIAL_STRING=SIP/001001)
exten => 21,n,Set(DIAL_TRUNK=21)
exten => 21,n,Goto(ext-trunk,tdial,1)
exten => tdial,1,Set(OUTBOUND_GROUP=OUT_${DIAL_TRUNK})
exten => tdial,n,GotoIf($["${OUTMAXCHANS_${DIAL_TRUNK}}" = ""]?nomax)
exten => tdial,n,GotoIf($[${GROUP_COUNT(OUT_${DIAL_TRUNK})} >= ${OUTMAXCHANS_${DIAL_TRUNK}}]?hangit)
exten => tdial,n(nomax),ExecIf($["${CALLINGPRES_SV}" != ""]?Set(CALLERPRES()=${CALLINGPRES_SV}))
exten => tdial,n,Set(DIAL_NUMBER=${FROM_DID})
exten => tdial,n,GosubIf($["${PREFIX_TRUNK_${DIAL_TRUNK}}" != ""]?sub-flp-${DIAL_TRUNK},s,1())
exten => tdial,n,Set(OUTNUM=${OUTPREFIX_${DIAL_TRUNK}}${DIAL_NUMBER})
exten => tdial,n,Set(DIAL_TRUNK_OPTIONS=${IF($["${DB_EXISTS(TRUNK/${DIAL_TRUNK}/dialopts)}" = "1"]?${DB_RESULT}:${TRUNK_OPTIONS})})
exten => tdial,n,Dial(${TDIAL_STRING}/${OUTNUM},${TRUNK_RING_TIMER},${DIAL_TRUNK_OPTIONS})
exten => tdial,n,Set(CALLERID(number)=${CALLERID(number):0:40})
exten => tdial,n,Set(CALLERID(name)=${CALLERID(name):0:40})
exten => tdial,n(hangit),Hangup
;--== end of [ext-trunk] ==--;
[from-trunk-sip-001001]
exten => _.,1,Set(GROUP()=OUT_21)
exten => _.,n,Goto(from-trunk,${EXTEN},1)
;--== end of [from-trunk-sip-001001] ==--;
[outrt-24] ; TO-NEW-OFFICE
exten => _11XX,1,Macro(user-callerid,LIMIT,EXTERNAL,)
exten => _11XX,n,GosubIf($[${LEN(${FROM_DID})}>0 & "${FROM_DID}"!="s"]?sub-diversion-header,s,1())
exten => _11XX,n,Set(INTRACOMPANYROUTE=YES)
exten => _11XX,n,Set(MOHCLASS=${IF($["${MOHCLASS}"=""]?default:${MOHCLASS})})
exten => _11XX,n,Set(_NODEST=)
exten => _11XX,n,Gosub(sub-record-check,s,1(out,${EXTEN},))
exten => _11XX,n,Macro(dialout-trunk,8,${EXTEN},,off)
exten => _11XX,n,Macro(outisbusy,)
exten => _12XX,1,Macro(user-callerid,LIMIT,EXTERNAL,)
exten => _12XX,n,GosubIf($[${LEN(${FROM_DID})}>0 & "${FROM_DID}"!="s"]?sub-diversion-header,s,1())
exten => _12XX,n,Set(INTRACOMPANYROUTE=YES)
exten => _12XX,n,Set(MOHCLASS=${IF($["${MOHCLASS}"=""]?default:${MOHCLASS})})
exten => _12XX,n,Set(_NODEST=)
exten => _12XX,n,Gosub(sub-record-check,s,1(out,${EXTEN},))
exten => _12XX,n,Macro(dialout-trunk,8,${EXTEN},,off)
exten => _12XX,n,Macro(outisbusy,)
;--== end of [outrt-24] ==--;
{code}
............
part of sip.conf - (users server which gives an Forbidden 403)
[001002]
defaultuser=001001
type=friend
insecure=port,invite
secret=MyPassword
qualify=yes
host=172.16.15.196
allow=all
context=from-trunk-sip-001002
........
part of extensions.conf users-server:
{code}
[from-trunk-sip-001002]
include => from-trunk-sip-001002-custom
exten => _.,1,Set(GROUP()=OUT_1)
exten => _.,n,Goto(from-trunk,${EXTEN},1)
;--== end of [from-trunk-sip-001002] ==--;
[from-trunk-iax2-00704]
include => from-trunk-iax2-00704-custom
exten => _.,1,Set(GROUP()=OUT_2)
exten => _.,n,Goto(from-trunk,${EXTEN},1)
;--== end of [from-trunk-iax2-00704] ==--;
[ext-trunk]
include => ext-trunk-custom
exten => 1,1,Set(TDIAL_STRING=SIP/001002)
exten => 1,n,Set(DIAL_TRUNK=1)
exten => 1,n,Goto(ext-trunk,tdial,1)
exten => 2,1,Set(TDIAL_STRING=IAX2/00704)
exten => 2,n,Set(DIAL_TRUNK=2)
exten => 2,n,Goto(ext-trunk,tdial,1)
exten => tdial,1,Set(OUTBOUND_GROUP=OUT_${DIAL_TRUNK})
exten => tdial,n,GotoIf($["${OUTMAXCHANS_${DIAL_TRUNK}}" = ""]?nomax)
exten => tdial,n,GotoIf($[${GROUP_COUNT(OUT_${DIAL_TRUNK})} >= ${OUTMAXCHANS_${DIAL_TRUNK}}]?hangit)
exten => tdial,n(nomax),ExecIf($["${CALLINGNAMEPRES_SV}" != ""]?Set(CALLERPRES(name-pres)=${CALLINGNAMEPRES_SV}))
exten => tdial,n,ExecIf($["${CALLINGNUMPRES_SV}" != ""]?Set(CALLERPRES(num-pres)=${CALLINGNUMPRES_SV}))
exten => tdial,n,Set(DIAL_NUMBER=${FROM_DID})
exten => tdial,n,GosubIf($["${PREFIX_TRUNK_${DIAL_TRUNK}}" != ""]?sub-flp-${DIAL_TRUNK},s,1())
exten => tdial,n,Set(OUTNUM=${OUTPREFIX_${DIAL_TRUNK}}${DIAL_NUMBER})
exten => tdial,n,Set(DIAL_TRUNK_OPTIONS=${IF($["${DB_EXISTS(TRUNK/${DIAL_TRUNK}/dialopts)}" = "1"]?${DB_RESULT}:${TRUNK_OPTIONS})})
exten => tdial,n,Dial(${TDIAL_STRING}/${OUTNUM}${TDIAL_SUFFIX},${TRUNK_RING_TIMER},${DIAL_TRUNK_OPTIONS})
exten => tdial,n,Set(CALLERID(number)=${CALLERID(number):0:40})
exten => tdial,n,Set(CALLERID(name)=${CALLERID(name):0:40})
exten => tdial,n(hangit),Hangup
;--== end of [ext-trunk] ==--;
{code}
> chan_sip returns forbidden 403, if the incoming number was determined as the present.
> -------------------------------------------------------------------------------------
>
> Key: ASTERISK-25648
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25648
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General
> Affects Versions: 13.5.0, 13.6.0
> Reporter: Alexey A. Astashov
> Assignee: Unassigned
> Attachments: Debug-GW.txt, Debug-Users-Asterisk.txt, incall.cap, Initial-PBX-call.txt, Truble chan_sip.jpg, Users-asteriskmini.txt
>
>
> I detected a problem with the call processing protocol SIP.
> For example:
> "Some PBX" (num's 1100-1299) --> call came to my GW Asterisk with internal CID "Some PBX" --> then call routed to my PBX Asterisk (num's 1100-1500), but last determine existing number and return Forbidden 403.
> In configuration TRUNK on My PBX I have insecure=port,invite
> The error is that if the final PBX will see that an incoming call comes CID number that it has, it sends to the gateway error 403. The error was discovered with 13 versions of Asterisk, on Asterisk 11 - everything worked well. At the same time the IAX2 protocol, this is not a problem. Unfortunately, I can not test the functionality of the protocol PJSIP.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list